Fix SSL shenanigans with a hack to allow the user to specify the CA bundle file

typos
Start using pyenv and relock pipenv
2023-08-12 04:45:57 -07:00 · 2023-08-12 04:45:40 -07:00 · 2023-08-12 04:45:15 -07:00
6 changed files with 39 additions and 13 deletions
--- a/.python-version
+++ b/.python-version
@ -0,0 +1 @@
+3.11.4
--- a/2
+++ b/2
@ -9,4 +9,4 @@ giteapy-soteria = {git = "https://github.com/Yousif-CS/giteapy.git"}
 [dev-packages]

 [requires]
-python_version = "3.10"
+python_version = "3.11"
--- a/Pipfile.lock
+++ b/Pipfile.lock
@ -1,11 +1,11 @@
 {
    "_meta": {
        "hash": {
-            "sha256": "1dc9e96fd5a12468ed7d0869b11b9fbca2464e4b806fb8b9c17391a41b6f0eb8"
+            "sha256": "22ccbf4d99003c4c606e34c887be35ec01c24dbb31211fcae66e04597514fb32"
        },
        "pipfile-spec": 6,
        "requires": {
-            "python_version": "3.10"
+            "python_version": "3.11"
        },
        "sources": [
            {
@ -18,11 +18,11 @@
    "default": {
        "certifi": {
            "hashes": [
-                "sha256:35824b4c3a97115964b408844d64aa14db1cc518f6562e8d7261699d1350a9e3",
-                "sha256:4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18"
+                "sha256:539cc1d13202e33ca466e88b2807e29f4c13049d6d87031a3c110744495cb082",
+                "sha256:92d6037539857d8206b8f6ae472e8b77db8058fec5937a1ef3f54304089edbb9"
            ],
            "markers": "python_version >= '3.6'",
-            "version": "==2022.12.7"
+            "version": "==2023.7.22"
        },
        "giteapy-soteria": {
            "git": "https://github.com/Yousif-CS/giteapy.git",
@ -46,11 +46,11 @@
        },
        "urllib3": {
            "hashes": [
-                "sha256:076907bf8fd355cde77728471316625a4d2f7e713c125f51953bb5b3eecf4f72",
-                "sha256:75edcdc2f7d85b137124a6c3c9fc3933cdeaa12ecb9a6a959f22797a0feca7e1"
+                "sha256:8d22f86aae8ef5e410d4f539fde9ce6b2113a001bb4d189e0aed70642d602b11",
+                "sha256:de7df1803967d2c2a98e4b11bb7d6bd9210474c46e8a0401514e3a42a75ebde4"
            ],
-            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'",
-            "version": "==1.26.14"
+            "markers": "python_version >= '3.7'",
+            "version": "==2.0.4"
        }
    },
    "develop": {}
--- a/README.md
+++ b/README.md
@ -6,7 +6,7 @@ Supports changing destination names a bit, and adding topics to each transferred

 by Mike Peralta

-Current license: You are free to clone and use this program but all other rights reserved, provided you accept 100% of all liability of any outcome of use/download/etc this program. Better license coming soon.
+Current license: You are free to clone and use this program but all other rights reserved, provided you accept 100% of all liability of any outcome of use/download/etc. this program. Better license coming soon.

 ## Requirements

--- a/domain/Migrator.py
+++ b/domain/Migrator.py
@ -4,6 +4,8 @@ import giteapy
 import logging
 import sys

+import certifi
+

 class Migrator:
 	
@ -101,6 +103,15 @@ class Migrator:
 		
 		self.__verify_ssl = b
 	
+	def set_ca_bundle(self, bundle_path: str):
+		
+		self.__logger.info("Setting certificate bundle path")
+		
+		# Hacky but oh well
+		self.__logger.info(f"Old path: {certifi.where()}")
+		certifi.core._CACERT_PATH = bundle_path
+		self.__logger.info(f"New path: {certifi.where()}")
+	
 	def migrate_entire_org(
 			self,
 			interactive: bool = True,
@ -118,6 +129,9 @@ class Migrator:
 		api_source: giteapy.OrganizationApi
 		api_destination: giteapy.OrganizationApi
 		
+		# Tattle on certify
+		self.__logger.info(f"Certifi is currently using CA bundle: {certifi.where()}")
+		
 		# Grab all org repos
 		source_repos = self._fetch_all_org_repos(org=source_org)
 		self.__logger.info(f"Found {len(source_repos)} repos on source:")
--- a/main.py
+++ b/main.py
@ -23,7 +23,7 @@ def main():
 		dest="source_port",
 		required=False,
 		default=None,
-		help="Port of the source server"
+		help="Port of the source server. Requests will use https (not ssh), so you probably don't want to change this."
 	)
 	parser.add_argument(
 		"--source-token",
@ -57,7 +57,7 @@ def main():
 		dest="destination_port",
 		required=False,
 		default=None,
-		help="Port of the destination server"
+		help="Port of the destination server. Requests will use https (not ssh), so you probably don't want to change this."
 	)
 	parser.add_argument(
 		"--destination-token", "--dest-token",
@ -124,6 +124,13 @@ def main():
 		help="Don't verify SSL certificates",
 	)
 	
+	parser.add_argument(
+		"--ca-bundle",
+		dest="ca_bundle",
+		default=None,
+		help="Specify the location of your system-wide CA Bundle, in case python is not using it."
+	)
+	
 	args = parser.parse_args()
 	mig = Migrator(
 		source_host=args.source_hostname,
@ -133,7 +140,11 @@ def main():
 		destination_port=args.destination_port,
 		destination_token=args.destination_token
 	)
+	
 	mig.set_verify_ssl(args.verify_ssl)
+	if args.ca_bundle:
+		mig.set_ca_bundle(args.ca_bundle)
+	
 	mig.migrate_entire_org(
 		interactive=args.interactive,
 		source_org=args.source_org,
Author	SHA1	Message	Date
mike	e665ba79d7	Fix SSL shenanigans with a hack to allow the user to specify the CA bundle file	2023-08-12 04:45:57 -07:00
mike	1a6dcdeb78	typos	2023-08-12 04:45:40 -07:00
mike	c478284764	Start using pyenv and relock pipenv	2023-08-12 04:45:15 -07:00